Chris Wysopal
weld.bsky.social
Gray haired gray hat. Co-founder Veracode. Former L0pht security researcher. Builds tools to find and fix vulnerabilities in code at scale. Twitter: https://twitter.com/WeldPond
Reposted by Chris Wysopal
New policy paper out: An Achilles Heel of Today’s Armed Forces: Managing Software Supply Chain Risk in the Military Sector

Armed forces should pay more attention to their software supply chains. These are complex networks of software components, vendors, service providers, and other companies. /1
November 20, 2025 at 9:42 AM
Veracode Research finds that OpenAI GPT-5 writes more secure code than other models.

www.forbes.com/sites/the-wi...
OpenAI’s New Model Just Got Much Better At Writing More Secure Code
OpenAI’s frontier model may not have astounded when it arrived earlier this year, but research indicates it’s now much better than others at writing code with fewer vulnerabilities.
www.forbes.com
November 18, 2025 at 3:05 PM
I'm heartbroken to share that my friend of 30 yrs, Arthur Phillip Delchi, @delchi.bsky.social, DJ Delchi, has left us.

A founding force behind DEF CON’s Hackers with Disabilities, a member of cDc Ninja Strike Force, a L0pht regular who DJed our wildest parties (two of those moments captured below)
November 15, 2025 at 4:53 PM
Kociemba has launched the No Longer Evil project, an open-source initiative aimed at breathing new life into decommissioned first- and second-generation Nest thermostats. www.techspot.com/news/110186-...
Hackers are saving Google's abandoned Nest thermostats with open-source firmware
Cody Kociemba, the developer behind the Hack/House collaborative project, is waging war against Google. The tech giant recently decided to discontinue the first two generations of its...
www.techspot.com
November 12, 2025 at 2:40 PM
Secure by design is shifting from vision to standard. Progress: >50% of apps now pass OWASP Top 10 checks (up from <33% in 2020), exploitable flaws dropped from 3.6% to 2.6%. But 70% of apps still have major flaws. Success means making security part of every build. www.forbes.com/councils/for...
Advancing Secure By Design From Ambition To Industry Standard
Real victory will come when secure by design isn’t a special initiative but the standard starting point for every project.
www.forbes.com
November 12, 2025 at 1:14 PM
Veracode found a malicious npm package “@acitons/artifact” impersonating @actions/artifact (206K+ DLs). It targeted GitHub repos to steal build tokens & publish malware. 6 versions used a post-install hook to fetch undetected malware. Veracode blocked & notified npm
www.veracode.com/blog/malicio...
Malicious NPM Package Found Targeting GitHub By Typosquatting on GitHub Action Packages | Veracode
Application Security for the AI Era | Veracode
www.veracode.com
November 12, 2025 at 1:09 PM
Reposted by Chris Wysopal
Some encouraging #righttorepair news out of DC... No, really!
Three US Senators: @welch.senate.gov, @warren.senate.gov and @fetterman.senate.gov have introduced new legislation that would create a federal right to repair farm equipment.
November 3, 2025 at 2:36 PM
Reposted by Chris Wysopal
The @consumerreports.org cybersecurity testing lab has helped improve security for several connected products. We showcase a few examples of what they have found and how they work with companies to improve product security. Also, if you're building a connected device, encrypt your traffic.
How CR’s Testing Team is Boosting Security—One Smart Product at a Time - Innovation at Consumer Reports
Take a look inside CR’s testing lab, where our engineers are strengthening the security of connected devices and boosting consumer trust
innovation.consumerreports.org
October 30, 2025 at 6:53 PM
I'm struggling to understand why the attackers are classified as hacktivists and not nation-state attackers as when Salt Typhoon made similar compromises.

www.bleepingcomputer.com/news/securit...
Canada says hacktivists breached water and energy facilities
The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that c...
www.bleepingcomputer.com
October 30, 2025 at 7:20 PM
Well doesn’t this @axios cybersecurity news item just sum up the state of consumer internet privacy
October 28, 2025 at 8:36 PM
“If you’re being arrested at 17, you’re being weaponised at around 11. It’s not happening overnight & the entry point is gaming, which acts as a live lab for skill set development. These young people are modifying and hacking games to find the loopholes.” www.theguardian.com/from-play-to...
‘You can be an ethical hacker, not a criminal one’: the initiative guiding young gamers into cybersecurity
Online criminal gangs are targeting young gamers for their coding skills. Yet a new partnership between Co-op and The Hacking Games seeks to harness these skills for good, providing potential careers ...
www.theguardian.com
October 28, 2025 at 11:43 AM
Regulation of white hat hackers is coming soon to Russia. The FSB will be able to set requirements for white hats: those who do not comply with them will be banned from working. Programmers will have to share the found "gaps" in information protection with both the company and the special services
October 27, 2025 at 7:04 PM
Mother Jones on First Wap's SS7-based tracker. The old and insecure phone system keeps giving.

www.motherjones.com/politics/202...
The surveillance empire that tracked world leaders, a Vatican enemy, and maybe you
Inside the hidden world of First Wap, whose untraceable tech has targeted politicians, journalists, celebrities, and activists around the globe.
www.motherjones.com
October 14, 2025 at 6:03 PM
Was this DEFCON eBPF bug talk hallucinated?
www.thestack.technology/defcon-ebpf-...
DEFCON talk on Linux kernel bugs drives AI slop row
"The code would not compile or run. This all points to LLM hallucination..."
www.thestack.technology
October 10, 2025 at 1:36 PM
Hackers are getting younger and we need to stage an intervention.

“Twenty-five years ago, you had to use unconventional talent in cybersecurity because there were no degree programmes or bootcamps,”

We need to tap in to this talent like we did back then.

www.computing.co.uk/feature/the-...
The kids aren’t alright: Why cybersecurity needs unconventional talent
As the average age of cybercriminals gets younger, the cybersecurity industry is desperately short of the skills it needs to adapt and innovate. Turning cybersecurity ...
www.computing.co.uk
October 9, 2025 at 3:01 PM
Stellar weekend in Newport, RI. My daughter got married to a wonderful man! My son even played in the band. So happy and grateful for family!
October 5, 2025 at 7:40 PM
Are you ready for the 2036 Epochalypse and the 2038 Time Rollover? This makes Y2K seem easy.
September 30, 2025 at 5:55 PM
Reposted by Chris Wysopal
gofund.me/ae3e52797
It is with great sadness I share the passing of Caspian Shea, youngest son of Johanna and Dylan. We are asking for your support covering medical and funeral arrangements during this unimaginable time. Please consider donating - but do share far and wide
Donate to Supporting the Shea Family in Loving Memory of Caspian, organized by Debra Kavaler Wysopal
On behalf of the Shea family, we have created this page of su… Debra Kavaler Wysopal needs your support for Supporting the Shea Family in Loving Memory of Caspian
gofund.me
September 25, 2025 at 4:51 PM
I write this post with a sad and heavy heart. My close friends Dylan and Jo's child, Caspian, has died. You may know Dylan as FreqOut, a longtime member of the hacker community (cDc). The family faces significant medical and funeral costs. If you can, please donate or share: gofund.me/13b9506f0
Donate to Supporting the Shea Family in Loving Memory of Caspian, organized by Debra Kavaler Wysopal
On behalf of the Shea family, we have created this page of su… Debra Kavaler Wysopal needs your support for Supporting the Shea Family in Loving Memory of Caspian
gofund.me
September 25, 2025 at 5:00 PM
Teen hackers aren’t villains-in-waiting, they’re untapped defenders. We can intercept talent early, show real career paths, and turn curiosity into cyber defense. My take on building ethical on-ramps for #cybersecurity www.forbes.com/councils/for...
Intercepting Talent: Turning Hackers Into Cyber Defenders
Teen hackers are reshaping cybersecurity. Channeling their curiosity into ethical hacking could transform risks into the next wave of defenders.
www.forbes.com
September 19, 2025 at 5:47 PM
30 years ago today, I saw Hackers in theaters with my crew @l0pht.bsky.social. Later, I met my wife @debdebdeb.bsky.social on IRC. Then I co-founded a cybersecurity company @veracode.bsky.social with fellow L0pht hacker @dildog.l0pht.com. What a journey! Anyone else feeling old? Post your story.
September 15, 2025 at 4:31 PM
Reposted by Chris Wysopal
BOSTON AREA #synthsky! Hidden Fountain is having our video release show at the French Club in N Cambridge this Saturday. Music from us, Mute City, Bell System (sifu.tweety.fish), and Kathy Snax, followed by videos and short films from Coco Roy and AV Carraway! info/tix at hiddenfounta.in.
September 11, 2025 at 5:09 PM
On this Sept 11, we remember. My wife served at Ground Zero as a first responder. Yesterday she rang the radiation bell, a milestone on her road to beating breast cancer. Grief + gratitude, service + strength. Proud of her. #NeverForget #FirstResponder #BreastCancer
September 11, 2025 at 1:18 PM
Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis.
www.helpnetsecurity.com/2025/09/08/c...
Cybersecurity research is getting new ethics rules, here's what you need to know - Help Net Security
Cybersecurity research ethics is required at top conferences. A guide helps researchers balance innovation, risk, stakeholder responsibility.
www.helpnetsecurity.com
September 10, 2025 at 6:36 PM